e3b335a6210e3756c9dad7dfa16d7e2852a9674dd15e8c9b9c4f538cc7ed1014

Analysis

max time kernel
1800s
max time network
1799s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
16-06-2024 17:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

cb186d77def7fb80cf24a010111b3bfe.jpg
Size

10KB
MD5

4459c04d0262372202aabc164d1432d8
SHA1

fb98e4e39b158c2f70301e3af57ff84734f6c28e
SHA256

e3b335a6210e3756c9dad7dfa16d7e2852a9674dd15e8c9b9c4f538cc7ed1014
SHA512

5b55c896fd271ea9449fab422fafd590b4717c7c51f1d21b93b663ec5ecdaa5572faea0e84433549ef951a2e3b2cc5b3580f356b50fb13d0cb009583a1d243b8
SSDEEP

192:IVjpz4P10PcxLIf6ME4c9PfmR3L9z5Lu94Z780qPw2lYgXVhpbuTSDhZgU:I9p1clIfNUfmxl5L7Z780qPwylhpDh6U

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 9 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133630322785005281"	chrome.exe

Suspicious behavior: EnumeratesProcesses 20 IoCs

pid	Process
4108	chrome.exe
4108	chrome.exe
3688	msedge.exe
3688	msedge.exe
4580	msedge.exe
4580	msedge.exe
5576	identity_helper.exe
5576	identity_helper.exe
4976	chrome.exe
4976	chrome.exe
3964	msedge.exe
3964	msedge.exe
5052	msedge.exe
5052	msedge.exe
5940	identity_helper.exe
5940	identity_helper.exe
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 39 IoCs

pid	Process
4108	chrome.exe
4108	chrome.exe
4108	chrome.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4108	chrome.exe
4108	chrome.exe
4108	chrome.exe
4108	chrome.exe
4108	chrome.exe
4108	chrome.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
4108	chrome.exe
5052	msedge.exe
5052	msedge.exe
4108	chrome.exe
5052	msedge.exe
4108	chrome.exe
5052	msedge.exe
4108	chrome.exe
5052	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4108	chrome.exe
Token: SeCreatePagefilePrivilege	4108	chrome.exe
Token: SeShutdownPrivilege	4108	chrome.exe
Token: SeCreatePagefilePrivilege	4108	chrome.exe
Token: SeShutdownPrivilege	4108	chrome.exe
Token: SeCreatePagefilePrivilege	4108	chrome.exe
Token: SeShutdownPrivilege	4108	chrome.exe
Token: SeCreatePagefilePrivilege	4108	chrome.exe
Token: SeShutdownPrivilege	4108	chrome.exe
Token: SeCreatePagefilePrivilege	4108	chrome.exe
Token: SeShutdownPrivilege	4108	chrome.exe
Token: SeCreatePagefilePrivilege	4108	chrome.exe
Token: SeShutdownPrivilege	4108	chrome.exe
Token: SeCreatePagefilePrivilege	4108	chrome.exe
Token: SeShutdownPrivilege	4108	chrome.exe
Token: SeCreatePagefilePrivilege	4108	chrome.exe
Token: SeShutdownPrivilege	4108	chrome.exe
Token: SeCreatePagefilePrivilege	4108	chrome.exe
Token: SeShutdownPrivilege	4108	chrome.exe
Token: SeCreatePagefilePrivilege	4108	chrome.exe
Token: SeShutdownPrivilege	4108	chrome.exe
Token: SeCreatePagefilePrivilege	4108	chrome.exe
Token: SeShutdownPrivilege	4108	chrome.exe
Token: SeCreatePagefilePrivilege	4108	chrome.exe
Token: SeShutdownPrivilege	4108	chrome.exe
Token: SeCreatePagefilePrivilege	4108	chrome.exe
Token: SeShutdownPrivilege	4108	chrome.exe
Token: SeCreatePagefilePrivilege	4108	chrome.exe
Token: SeShutdownPrivilege	4108	chrome.exe
Token: SeCreatePagefilePrivilege	4108	chrome.exe
Token: SeShutdownPrivilege	4108	chrome.exe
Token: SeCreatePagefilePrivilege	4108	chrome.exe
Token: SeShutdownPrivilege	4108	chrome.exe
Token: SeCreatePagefilePrivilege	4108	chrome.exe
Token: SeShutdownPrivilege	4108	chrome.exe
Token: SeCreatePagefilePrivilege	4108	chrome.exe
Token: SeShutdownPrivilege	4108	chrome.exe
Token: SeCreatePagefilePrivilege	4108	chrome.exe
Token: SeShutdownPrivilege	4108	chrome.exe
Token: SeCreatePagefilePrivilege	4108	chrome.exe
Token: SeShutdownPrivilege	4108	chrome.exe
Token: SeCreatePagefilePrivilege	4108	chrome.exe
Token: SeShutdownPrivilege	4108	chrome.exe
Token: SeCreatePagefilePrivilege	4108	chrome.exe
Token: SeShutdownPrivilege	4108	chrome.exe
Token: SeCreatePagefilePrivilege	4108	chrome.exe
Token: SeShutdownPrivilege	4108	chrome.exe
Token: SeCreatePagefilePrivilege	4108	chrome.exe
Token: SeShutdownPrivilege	4108	chrome.exe
Token: SeCreatePagefilePrivilege	4108	chrome.exe
Token: SeShutdownPrivilege	4108	chrome.exe
Token: SeCreatePagefilePrivilege	4108	chrome.exe
Token: SeShutdownPrivilege	4108	chrome.exe
Token: SeCreatePagefilePrivilege	4108	chrome.exe
Token: SeShutdownPrivilege	4108	chrome.exe
Token: SeCreatePagefilePrivilege	4108	chrome.exe
Token: SeShutdownPrivilege	4108	chrome.exe
Token: SeCreatePagefilePrivilege	4108	chrome.exe
Token: SeShutdownPrivilege	4108	chrome.exe
Token: SeCreatePagefilePrivilege	4108	chrome.exe
Token: SeShutdownPrivilege	4108	chrome.exe
Token: SeCreatePagefilePrivilege	4108	chrome.exe
Token: SeShutdownPrivilege	4108	chrome.exe
Token: SeCreatePagefilePrivilege	4108	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4108	chrome.exe
4108	chrome.exe
4108	chrome.exe
4108	chrome.exe
4108	chrome.exe
4108	chrome.exe
4108	chrome.exe
4108	chrome.exe
4108	chrome.exe
4108	chrome.exe
4108	chrome.exe
4108	chrome.exe
4108	chrome.exe
4108	chrome.exe
4108	chrome.exe
4108	chrome.exe
4108	chrome.exe
4108	chrome.exe
4108	chrome.exe
4108	chrome.exe
4108	chrome.exe
4108	chrome.exe
4108	chrome.exe
4108	chrome.exe
4108	chrome.exe
4108	chrome.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
4108	chrome.exe
4108	chrome.exe
4108	chrome.exe
4108	chrome.exe
4108	chrome.exe
4108	chrome.exe
4108	chrome.exe
4108	chrome.exe
4108	chrome.exe
4108	chrome.exe
4108	chrome.exe
4108	chrome.exe
4108	chrome.exe
4108	chrome.exe
4108	chrome.exe
4108	chrome.exe
4108	chrome.exe
4108	chrome.exe
4108	chrome.exe
4108	chrome.exe
4108	chrome.exe
4108	chrome.exe
4108	chrome.exe
4108	chrome.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4108 wrote to memory of 3372	4108	chrome.exe	88
PID 4108 wrote to memory of 3372	4108	chrome.exe	88
PID 4108 wrote to memory of 4192	4108	chrome.exe	89
PID 4108 wrote to memory of 4192	4108	chrome.exe	89
PID 4108 wrote to memory of 4192	4108	chrome.exe	89
PID 4108 wrote to memory of 4192	4108	chrome.exe	89
PID 4108 wrote to memory of 4192	4108	chrome.exe	89
PID 4108 wrote to memory of 4192	4108	chrome.exe	89
PID 4108 wrote to memory of 4192	4108	chrome.exe	89
PID 4108 wrote to memory of 4192	4108	chrome.exe	89
PID 4108 wrote to memory of 4192	4108	chrome.exe	89
PID 4108 wrote to memory of 4192	4108	chrome.exe	89
PID 4108 wrote to memory of 4192	4108	chrome.exe	89
PID 4108 wrote to memory of 4192	4108	chrome.exe	89
PID 4108 wrote to memory of 4192	4108	chrome.exe	89
PID 4108 wrote to memory of 4192	4108	chrome.exe	89
PID 4108 wrote to memory of 4192	4108	chrome.exe	89
PID 4108 wrote to memory of 4192	4108	chrome.exe	89
PID 4108 wrote to memory of 4192	4108	chrome.exe	89
PID 4108 wrote to memory of 4192	4108	chrome.exe	89
PID 4108 wrote to memory of 4192	4108	chrome.exe	89
PID 4108 wrote to memory of 4192	4108	chrome.exe	89
PID 4108 wrote to memory of 4192	4108	chrome.exe	89
PID 4108 wrote to memory of 4192	4108	chrome.exe	89
PID 4108 wrote to memory of 4192	4108	chrome.exe	89
PID 4108 wrote to memory of 4192	4108	chrome.exe	89
PID 4108 wrote to memory of 4192	4108	chrome.exe	89
PID 4108 wrote to memory of 4192	4108	chrome.exe	89
PID 4108 wrote to memory of 4192	4108	chrome.exe	89
PID 4108 wrote to memory of 4192	4108	chrome.exe	89
PID 4108 wrote to memory of 4192	4108	chrome.exe	89
PID 4108 wrote to memory of 4192	4108	chrome.exe	89
PID 4108 wrote to memory of 4192	4108	chrome.exe	89
PID 4108 wrote to memory of 4944	4108	chrome.exe	90
PID 4108 wrote to memory of 4944	4108	chrome.exe	90
PID 4108 wrote to memory of 1648	4108	chrome.exe	91
PID 4108 wrote to memory of 1648	4108	chrome.exe	91
PID 4108 wrote to memory of 1648	4108	chrome.exe	91
PID 4108 wrote to memory of 1648	4108	chrome.exe	91
PID 4108 wrote to memory of 1648	4108	chrome.exe	91
PID 4108 wrote to memory of 1648	4108	chrome.exe	91
PID 4108 wrote to memory of 1648	4108	chrome.exe	91
PID 4108 wrote to memory of 1648	4108	chrome.exe	91
PID 4108 wrote to memory of 1648	4108	chrome.exe	91
PID 4108 wrote to memory of 1648	4108	chrome.exe	91
PID 4108 wrote to memory of 1648	4108	chrome.exe	91
PID 4108 wrote to memory of 1648	4108	chrome.exe	91
PID 4108 wrote to memory of 1648	4108	chrome.exe	91
PID 4108 wrote to memory of 1648	4108	chrome.exe	91
PID 4108 wrote to memory of 1648	4108	chrome.exe	91
PID 4108 wrote to memory of 1648	4108	chrome.exe	91
PID 4108 wrote to memory of 1648	4108	chrome.exe	91
PID 4108 wrote to memory of 1648	4108	chrome.exe	91
PID 4108 wrote to memory of 1648	4108	chrome.exe	91
PID 4108 wrote to memory of 1648	4108	chrome.exe	91
PID 4108 wrote to memory of 1648	4108	chrome.exe	91
PID 4108 wrote to memory of 1648	4108	chrome.exe	91
PID 4108 wrote to memory of 1648	4108	chrome.exe	91
PID 4108 wrote to memory of 1648	4108	chrome.exe	91
PID 4108 wrote to memory of 1648	4108	chrome.exe	91
PID 4108 wrote to memory of 1648	4108	chrome.exe	91
PID 4108 wrote to memory of 1648	4108	chrome.exe	91
PID 4108 wrote to memory of 1648	4108	chrome.exe	91
PID 4108 wrote to memory of 1648	4108	chrome.exe	91

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\cb186d77def7fb80cf24a010111b3bfe.jpg
1⤵
PID:1204

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9f529ab58,0x7ff9f529ab68,0x7ff9f529ab78
  2⤵
  PID:3372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1728 --field-trial-handle=1932,i,4336807489547716018,8200012470427499118,131072 /prefetch:2
  2⤵
  PID:4192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 --field-trial-handle=1932,i,4336807489547716018,8200012470427499118,131072 /prefetch:8
  2⤵
  PID:4944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2220 --field-trial-handle=1932,i,4336807489547716018,8200012470427499118,131072 /prefetch:8
  2⤵
  PID:1648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3068 --field-trial-handle=1932,i,4336807489547716018,8200012470427499118,131072 /prefetch:1
  2⤵
  PID:4036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3088 --field-trial-handle=1932,i,4336807489547716018,8200012470427499118,131072 /prefetch:1
  2⤵
  PID:1976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4344 --field-trial-handle=1932,i,4336807489547716018,8200012470427499118,131072 /prefetch:1
  2⤵
  PID:4516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4468 --field-trial-handle=1932,i,4336807489547716018,8200012470427499118,131072 /prefetch:8
  2⤵
  PID:3980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4692 --field-trial-handle=1932,i,4336807489547716018,8200012470427499118,131072 /prefetch:8
  2⤵
  PID:1376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3352 --field-trial-handle=1932,i,4336807489547716018,8200012470427499118,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4820 --field-trial-handle=1932,i,4336807489547716018,8200012470427499118,131072 /prefetch:1
  2⤵
  PID:5304
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4548 --field-trial-handle=1932,i,4336807489547716018,8200012470427499118,131072 /prefetch:1
  2⤵
  PID:1992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4536 --field-trial-handle=1932,i,4336807489547716018,8200012470427499118,131072 /prefetch:1
  2⤵
  PID:1696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4872 --field-trial-handle=1932,i,4336807489547716018,8200012470427499118,131072 /prefetch:1
  2⤵
  PID:1700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3324 --field-trial-handle=1932,i,4336807489547716018,8200012470427499118,131072 /prefetch:1
  2⤵
  PID:5844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4136 --field-trial-handle=1932,i,4336807489547716018,8200012470427499118,131072 /prefetch:1
  2⤵
  PID:5400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=4832 --field-trial-handle=1932,i,4336807489547716018,8200012470427499118,131072 /prefetch:1
  2⤵
  PID:4568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=4452 --field-trial-handle=1932,i,4336807489547716018,8200012470427499118,131072 /prefetch:1
  2⤵
  PID:4256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=2520 --field-trial-handle=1932,i,4336807489547716018,8200012470427499118,131072 /prefetch:1
  2⤵
  PID:5956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=4172 --field-trial-handle=1932,i,4336807489547716018,8200012470427499118,131072 /prefetch:1
  2⤵
  PID:5588

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:4480

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff9f28646f8,0x7ff9f2864708,0x7ff9f2864718
  2⤵
  PID:1356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,6137488420123128351,5210657544704958562,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2200 /prefetch:2
  2⤵
  PID:1872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,6137488420123128351,5210657544704958562,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2332 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2140,6137488420123128351,5210657544704958562,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2916 /prefetch:8
  2⤵
  PID:5088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,6137488420123128351,5210657544704958562,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3676 /prefetch:1
  2⤵
  PID:3464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,6137488420123128351,5210657544704958562,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3736 /prefetch:1
  2⤵
  PID:4360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,6137488420123128351,5210657544704958562,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3424 /prefetch:1
  2⤵
  PID:4856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,6137488420123128351,5210657544704958562,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4592 /prefetch:1
  2⤵
  PID:3020
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,6137488420123128351,5210657544704958562,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4972 /prefetch:8
  2⤵
  PID:5432
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,6137488420123128351,5210657544704958562,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4972 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,6137488420123128351,5210657544704958562,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4968 /prefetch:1
  2⤵
  PID:5640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,6137488420123128351,5210657544704958562,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5092 /prefetch:1
  2⤵
  PID:5648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,6137488420123128351,5210657544704958562,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4652 /prefetch:1
  2⤵
  PID:5892

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3020

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1416

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:5052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9f28646f8,0x7ff9f2864708,0x7ff9f2864718
  2⤵
  PID:4544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,7934457219397253729,13997077264406116713,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2088 /prefetch:2
  2⤵
  PID:4612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2076,7934457219397253729,13997077264406116713,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2540 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2076,7934457219397253729,13997077264406116713,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2928 /prefetch:8
  2⤵
  PID:5324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,7934457219397253729,13997077264406116713,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
  2⤵
  PID:5600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,7934457219397253729,13997077264406116713,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
  2⤵
  PID:2252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,7934457219397253729,13997077264406116713,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4584 /prefetch:1
  2⤵
  PID:4948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,7934457219397253729,13997077264406116713,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4692 /prefetch:1
  2⤵
  PID:6024
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,7934457219397253729,13997077264406116713,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4852 /prefetch:8
  2⤵
  PID:5896
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,7934457219397253729,13997077264406116713,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4852 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,7934457219397253729,13997077264406116713,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4956 /prefetch:1
  2⤵
  PID:3768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,7934457219397253729,13997077264406116713,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5092 /prefetch:1
  2⤵
  PID:668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,7934457219397253729,13997077264406116713,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4444 /prefetch:1
  2⤵
  PID:920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,7934457219397253729,13997077264406116713,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5140 /prefetch:1
  2⤵
  PID:3420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,7934457219397253729,13997077264406116713,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5112 /prefetch:1
  2⤵
  PID:3448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,7934457219397253729,13997077264406116713,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4352 /prefetch:1
  2⤵
  PID:2120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,7934457219397253729,13997077264406116713,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4504 /prefetch:1
  2⤵
  PID:4004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,7934457219397253729,13997077264406116713,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5456 /prefetch:1
  2⤵
  PID:1900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,7934457219397253729,13997077264406116713,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5560 /prefetch:1
  2⤵
  PID:4152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,7934457219397253729,13997077264406116713,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4292 /prefetch:1
  2⤵
  PID:5652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,7934457219397253729,13997077264406116713,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5964 /prefetch:1
  2⤵
  PID:1108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,7934457219397253729,13997077264406116713,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4296 /prefetch:1
  2⤵
  PID:4184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,7934457219397253729,13997077264406116713,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5708 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,7934457219397253729,13997077264406116713,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4408 /prefetch:1
  2⤵
  PID:2892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,7934457219397253729,13997077264406116713,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4916 /prefetch:1
  2⤵
  PID:3588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,7934457219397253729,13997077264406116713,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4020 /prefetch:1
  2⤵
  PID:312

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5720

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5808

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
5215d3c2e77f5a1958e23a5e0124a155

SHA1
8b6b6a51682a0f51a2b93fe5e7ff0bd30bc140a7

SHA256
3d6035312117eeff435c7576b700637f603c369ae321c8d8b44e0c30697eb624

SHA512
c8d6ab34eadc57ec6c2de2abfe66d4c224e4d891f490fc32c80bea072a427b4987a6ac909c9b024e89fa8ade1881de26793a17b086cde66b99f6774552bf0ed9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
129KB

MD5
0d5cd7e69a710cbdbfc2ef696cf15b4c

SHA1
013e6265bbbd8ccb944c6f519a2507838981ce32

SHA256
03ed8a147317e7021acf5eb89a1f0db026f8c7758cea6c50c4a365287e268874

SHA512
b4eb7872419d1291cdcea7ce9b80a6c9cd16a3df5a2c479f563461ee63390b825394f68d0753a068a93586cd3345a7ed68b15857166ddc0ae0689c93851dd43b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
129KB

MD5
5b34fa332e05ca0ac04464cba7e0ce9a

SHA1
f7d2ad475dd7e0919a2cf6762279993543f6a8fa

SHA256
b09569e8bfb21c555219a5d3e9c5c220664d20228f02fc0b233901e5772649b3

SHA512
89cac0eca626c7923ab1fe160b324daa13e48bdc497e9a62a5459e49cbd7624040e5812a6fceccbc147f3e58f94ba89472d91b30c5b5dd3faad31d49731ea4dd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
129KB

MD5
28aa220da146a3c1a38e29ce4dfa847b

SHA1
4672b1935907372223c47d47c2fdb7ef05ac2b0d

SHA256
367a283ef3660fe7696e083e8dc30981e8f4d85d5cb89a3fa3d6126ce0823287

SHA512
e8cf80fd9302192cad7ed838fdb756992388f78a3f6b3f3e2291742ff670e7b1c444f9c3d9c20e2c6606f573edb6516529d5fee3fe9e04bd3d3efe7609693695

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
666e6cc42e8ad007968cf9f5c001adf0

SHA1
8de26b29eae2cb93cc5aa7f8f17ad6d5cf4d29df

SHA256
e2459bd784281a0a1c709570afe4ecfafc807dad5d7db6bfbc37f52dd06e8515

SHA512
e8351e5c37312f17c6b2302b65aeb1435d33d5b9645187f6c20162b897990b2c2d5b6cf6698092dfa0a7030d0b2488fe8b809a9366bac784063d4cd8525a9136

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
87f7abeb82600e1e640b843ad50fe0a1

SHA1
045bbada3f23fc59941bf7d0210fb160cb78ae87

SHA256
b35d6906050d90a81d23646f86c20a8f5d42f058ffc6436fb0a2b8bd71ee1262

SHA512
ea8e7f24ab823ad710ce079c86c40aa957353a00d2775732c23e31be88a10d212e974c4691279aa86016c4660f5795febf739a15207833df6ed964a9ed99d618

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f61fa5143fe872d1d8f1e9f8dc6544f9

SHA1
df44bab94d7388fb38c63085ec4db80cfc5eb009

SHA256
284a24b5b40860240db00ef3ae6a33c9fa8349ab5490a634e27b2c6e9a191c64

SHA512
971000784a6518bb39c5cf043292c7ab659162275470f5f6b632ea91a6bcae83bc80517ceb983dd5abfe8fb4e157344cb65c27e609a879eec00b33c5fad563a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\841a6d4f-5dda-4472-8f87-64e633e24b97.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

Filesize
44KB

MD5
07e98c80e1ca9fb9c864eab4f6aac18e

SHA1
09d099926e1b891c05b55c1de4bd32d36b356bee

SHA256
1cec42aea3cf5a87ba13dba5702352be97cd43fb01e6a46fe0e153318c801a47

SHA512
a413fb644d904006512dfa81538ac20e6b8bb9ee113cd456487ed977c2afde5e38a0bfc02ff2d43f3b66555594c8684715a6f11949bd52f7ab9dfe5aeeb3a1fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1

Filesize
264KB

MD5
5bcc0000dc05ceb7b329d165aef1f61d

SHA1
8873ad94f1dc29f9a9f61a8902f1dda353483aeb

SHA256
67611afe89c6ceb12c19f7163dde7bc71f39de69a9f20695055bd96c38c56467

SHA512
e23fbd14acc429246b2cb701ef5bb7c446b7fd90436a32ecf34f9d149098f94138809007890394a7606c5ad1bd4218411705cca2ee56990e4ad449ac01fa73c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

Filesize
319B

MD5
ad84e95dac0c95008842224d82ae5e2d

SHA1
96f3e6ec7c21d4220ec978225c340f0ce76c1cde

SHA256
aff81d9bb257d512306f99a205dfa3d95443a2d07013201fc2a4feb332e5ffb4

SHA512
94bac3216441d64062e8583508b6471c0c6cfd8ac4d1d97e23f3d8418a5211d88446dfb0c372a3e574c4cc22e06d788e04cda87bcd506fe167b68c48dca67f4e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
b65b45aa427ba0ede23b7f50db01ab04

SHA1
7833786acf8c4531dad63175ffd5e60338e91ac8

SHA256
0273bdb9640dff20880b8d754688ecb7c8febd30552ed7a118e673f20c2615f1

SHA512
fd52ce1d15bf34286fc292ec2ecea8220d70358423ca48fac043868f31ef2401a8a2313214bf7bf864d9cf67094051d0db6fbdb56f75f37e7b4e52ea63b370dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
124KB

MD5
b96a3b0ade463c3e2bda82ac4512ee07

SHA1
0a7661ad54a03d8d00d092227c709e2b52dd81f0

SHA256
27ee10d60040ad815a821e44499c7a411ec63e11a776d175dc79da39202028a3

SHA512
fb4dd207dad2f144927907b20918efd5e1a0f506f1bed1d7b7ee28e4529eac73f93a058a4325a2f3d398c5f89320ed3afa118b55a22d4545b09c8ec731e4f90a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
6B

MD5
a9851aa4c3c8af2d1bd8834201b2ba51

SHA1
fa95986f7ebfac4aab3b261d3ed0a21b142e91fc

SHA256
e708be5e34097c8b4b6ecb50ead7705843d0dc4b0779b95ef57073d80f36c191

SHA512
41a1b4d650ff55b164f3db02c8440f044c4ec31d8ddbbbf56195d4e27473c6b1379dfad3581e16429650e2364791f5c19aae723efc11986bb986ef262538b818

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
331B

MD5
1225a7546bec8d79ecee4d6f8a5d61e5

SHA1
fc706426d61a87a28ec7b0f1e856a893ef5763ec

SHA256
46ea93e8ceba11af9afa9d389c8d61422929e008793c710ce46240f1df773f42

SHA512
0d4b93e0e479fa9fab67997d33f803b723cee49d3caffe2f5e6803690e6899703b144f422c4d00f2504e0a15cc0e6566fb001ec70181745f2ecd0c8187956759

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a01c0416c4658fc1d66541efda0656b9

SHA1
0e8284e09416eded93d2179f5c24c5ec131ed878

SHA256
df7e5522a73659ac73e9dff60dfd1a4d33634d3cc4709a82e0c04f124a8aeae4

SHA512
e260bc18385d64b4ea009f20153d7a3cd565f01b0e5d9244be2241b1d2243070ed48a2d1afbfe41619dd91455669f73aae46ba1910f953149880e69db1bf530c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
c80096372c416147931150a9ad96f1a6

SHA1
4e9f99863e3c2890917ea94b2610c80caea794f7

SHA256
1632ef1cac1a9fe75dbecaa694cc96793350cd6611d740eba84ddfb49eec79b9

SHA512
e66fc74272bd4db9b5f15b4b1cc2b4e6dedc213aa0270fccd45a53270e29b63f6a7b95399ce34562ee78efdf2485009680740038ce1a4b0a181cbd70f44f3d3f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b2f7722338db970e608c3de7fac0e491

SHA1
be4f23613db0373405c8e2535a9f77c8438589fd

SHA256
29e4097c84c409b3c33e2695273ced966aae4a33c6dff4d85c4b68264bd2437d

SHA512
8cd5beee5e4ad7484ae37fe158944cefac741cc047c4e95f47ddd010223275ff55a6e55448fd10e0809ab4a8eb51888e280afa03f0dcb9f6140205b9c916f888

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
faa927a038cf3a47d1a7bcf05aa11ff9

SHA1
ebfdf46167dd81c25c325be3e2442ee30d928438

SHA256
0b3786d952977820345ac4958668c6178f133ba995abc6184d267cf780b0307a

SHA512
768f15f07f9c28ad30ebf40ba4a85efc535bc20524f86583bdf6a3f989d0aab6da95fdf3ce5a85157bceb7c5900ba945e3ff91fdee7197b4e58e68e42d23ef71

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
87305f6817e764549f8a8ee1b741826e

SHA1
339e8cfe964d7aca018ba6707c6eec087c81607e

SHA256
e24dfb78cb40e7654c3dbf17027aa10ae3a4efb00f4ceec326efd2d3947c3e0e

SHA512
4608d0dfc50bacf5ea775e6bf13bef05ff0f85bdad91187b8d6ae3b5abd0816ca7cef53113b714ae33f7dfe7ed67cd2c18a64dd422217e52f3ad79ae2be67792

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferredApps

Filesize
33B

MD5
2b432fef211c69c745aca86de4f8e4ab

SHA1
4b92da8d4c0188cf2409500adcd2200444a82fcc

SHA256
42b55d126d1e640b1ed7a6bdcb9a46c81df461fa7e131f4f8c7108c2c61c14de

SHA512
948502de4dc89a7e9d2e1660451fcd0f44fd3816072924a44f145d821d0363233cc92a377dba3a0a9f849e3c17b1893070025c369c8120083a622d025fe1eacf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

Filesize
156B

MD5
fa1af62bdaf3c63591454d2631d5dd6d

SHA1
14fc1fc51a9b7ccab8f04c45d84442ed02eb9466

SHA256
00dd3c8077c2cca17ea9b94804490326ae6f43e6070d06b1516dfd5c4736d94d

SHA512
2c3184f563b9a9bff088114f0547f204ee1e0b864115366c86506215f42d7dbf161bc2534ccaee783e62cc01105edffc5f5dabf229da5ebd839c96af1d45de77

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Filesize
319B

MD5
04cf245ee263ae5dae3821f20dab7ccc

SHA1
3e33dc8d99704104dd4b214e1f2fe5231a1608db

SHA256
2f8fbc0faebad9377d4fff837810797a570a8f429b4c6df1c2a21801d1e90548

SHA512
4676e9172c392cbde8f7a40dfe51459e5e6668334cb3e02b5e3029767520294dcec296c6969a8bb5a13cee12c38c9e8a1ccd5142540a11952114671e1b45c01d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13363032298798398

Filesize
1KB

MD5
e3bc4e62167c402ea8dd9855621a3318

SHA1
8f8607464283fd14ba89e7ab179c196b885fe6ac

SHA256
bf44263ef5cb6017618fa4b3da0b60363ac558252ace587a1ec655a171f5d77f

SHA512
f92f7cd1bbf593842eb82145fffb86b3089ebf8fb351996e1c15077e6e54d0918a09f7ee48fe6d39c9ab5d1149ac7d28bc9640240a2294c5c6209e4e74b1991f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13363032299070398

Filesize
1KB

MD5
5c98b42d9ffe6667759cead2b8c9a887

SHA1
4a5e0f328252d4545dac27f47d0a6ee369e70dde

SHA256
11130de310d5083f91eee7a2b59283db8589b629a5a7bb177e35c931528a822e

SHA512
2917dace49e4cee0c0a4d64f8e9f273c53272adde2c3a90784327268c4a47c3bf3c66ba416ee9c81ee9dce4ca1d1497f4aaab7fefc79c2d9645b02210f068b21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
c3c16b98f412ae795957a5794e55299a

SHA1
82111913b6fe40f1aee86e53625d8c3da3b26797

SHA256
054c70eb618eea50d0ad08fbb396f1ae0b38e001841f9aa20cb5c610337bfc21

SHA512
8f94b1ac4c8a6dde1ac0918613ea11c57d1c715cfd28c5b429d066275091f15bf499a2a7f7c17ad773efd7b5c6a5d224c0076e1ee984802e526e92c233f36259

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
326B

MD5
388c4a4409c1f1db411af87af310ef5b

SHA1
a49f576514a36a831def4284c7bc6a912db6065d

SHA256
a276de5801832590e63349b68e9f5e7d6b45348e0ecf99d6825c004808c7d2c1

SHA512
d52037b79ebafa733ae809ac66aedc7f9a06ba877b3f34e89af14a298bac47a12effc1fbb60a31afe47d21eb3313a1e370838231c76448cf9535c6e59b60694d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\LOG

Filesize
198B

MD5
fe6a349bc30f3d8ac99d961ef08e4d96

SHA1
11b3619a783755b09ae95c8080c161dc8cac5ed1

SHA256
59c299c9bdabdaac88d42ac4dd8ef830b8e621ac62310fca38ac1d5b64c9af14

SHA512
9abc1e92cfeadd7a3655fa10e643c083a2f58762afc7324665006876dde6732c3b7f784284f28e7ab5f42eb1075fdb35014a71651889a31b11a281ee84fbebba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\MANIFEST-000002

Filesize
50B

MD5
22bf0e81636b1b45051b138f48b3d148

SHA1
56755d203579ab356e5620ce7e85519ad69d614a

SHA256
e292f241daafc3df90f3e2d339c61c6e2787a0d0739aac764e1ea9bb8544ee97

SHA512
a4cf1f5c74e0df85dda8750be9070e24e19b8be15c6f22f0c234ef8423ef9ca3db22ba9ef777d64c33e8fd49fada6fcca26c1a14ba18e8472370533a1c65d8d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

Filesize
44KB

MD5
3fcc8c82d7a989e93de644ce0a02156e

SHA1
49ecb5b5b02b66d2759c08ca682b3028d11d3a26

SHA256
96629d970d42a3b9c6d1114ddd04c47054989e21a147af542712d5903573f824

SHA512
b36ff664e338d0f16b5ab6b31282f818e1e3cf7fd5ef044a23e176761a8a573fab87c7b9c7b4d0abb93de9753b9f0688ca8f41f70cf2a96cffa90ebd8983b5f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

Filesize
187B

MD5
bc89739d438948594e666c0aa92dd9b1

SHA1
92149113d03ff51da6ff2bc56e3f463179369ac5

SHA256
cdc0a01dbe8a77600867f1bd10d7dfe3aeda590bc337cfb5aa37c5a2452413fd

SHA512
ffb2ae132313249249309402bd329d7339f60e58581193bce8a41d33192a21f10cc6b29ff1f4206a980e2ee21e96e78c7b21c531084265efefa0592598c320b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
319B

MD5
1d2b96a1463ddd602c8d9e0437b95d50

SHA1
326be281161efbd70dbb5f7d325ca5e15a3dcdea

SHA256
c9463bc596246bf902c8e71e3c61533164dc60713173b251a850e0bda1e86bf4

SHA512
7252c162abadaba585863762316c0d266ac680715ed983208ab960d6b8110be7a68c71f9e55a759614fdaf6ef34b1843540595c4553a6efbdb964a8678abae28

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
565B

MD5
220a83de364ef26905a0ffc50819232e

SHA1
bd996e1f653b4233e483a36f45f075069578c4ea

SHA256
851753bdfa4be19c786f7ece4c392b4504ffc35a3f61440ea2e1e33ee4742d7e

SHA512
1ab070fb3b5b1472476449957b1e93b5eec46e77263c8049d22b2395875d0958b52e5bb7f1ec1327f2b25a4c4ada2f8a179aaea85ca023e516a9f9c0cf93671b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
337B

MD5
67c7e706eaea63b0f98e1780f88f2578

SHA1
08443506b7032761f6242b1135900278e2dcc0bb

SHA256
0e170e3b1bc2cb379778c92d227223c05dbcbc22b0165262be7ed95800ce10fd

SHA512
ea591b648f80e28114f01e9572dcf50aa58cfc49d9d4fbdf1716f853f2bc52229f1dc9d42d33d078561901660855432f3b6f2b6fc5e34b66253a5e6c0f3e678d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

Filesize
44KB

MD5
767ec10689fe2feb734134e3429e2182

SHA1
e5536229a92676eefc722315db0b2bf922284a28

SHA256
be6cbdd3d329bfdc0651401f6b01f5be24980ab7cb6d39b28dcf01c66e1cc724

SHA512
ea0c477f0505654fbae96e74d42e995bd770b11fc08a27fa0a3fb124a199611dd67c7b6b69b40bff724c45d9691e0c7291482e511d91573bf99f20bd570ce299

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
5e3ac3a85ba3d36dae6c8fd50bddc290

SHA1
96e763ec91f700e648a88619753ad5e518128fb3

SHA256
4bc474942a0326ea96fc25c359ffbac92089a9bb4c724021dd59c5c8b16ef875

SHA512
e756a5f972f55d83d1dd59a29e763a77d1798f158dd39fe423999fc3a0dea898aed65df8b1ec4cc1ee023b63240851922199a1fdab41dc232696c6fc97ef2a8b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3

Filesize
4.0MB

MD5
b1569bcc17814a4236170f8b901c2e80

SHA1
9d37b1727dabe180127d4449f654fe3beb819d46

SHA256
12f03e58065c05f3112baf917ae88be9225dfe715f77ac610b890e8b8f0db13c

SHA512
837361330eb0722e2198d7269a93401dc59f1ee5ac8d9d27280fcbf949f9e267d437e500c8080bb627e29fd50f42cd746369121e986ebd6a1a50d107188b3f01

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000001

Filesize
22KB

MD5
1ac9e744574f723e217fb139ef1e86a9

SHA1
4194dce485bd10f2a030d2499da5c796dd12630f

SHA256
4564be03e04002c5f6eaeaea0aff16c5d0bbdad45359aef64f4c199cda8b195e

SHA512
b8515fb4b9470a7ce678331bbd59f44da47b627f87ea5a30d92ec1c6d583f1607539cd9318a5bccf0a0c6c2bd2637992e0519bd37acdf876f7a11ed184fb5109

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000002

Filesize
17KB

MD5
913728da90cf90d8e78af59c60b47c3d

SHA1
f42f2a545d4fcaf4f76d0f060f52e33a47df7f1e

SHA256
b0b478f9aa6aaf8d5811e296047ae1f8ee07f4c4998fe9d7b960755ea1fafb82

SHA512
3af86e053dd56aef03e6f967a49b1a0d492616a71e2e49090e0c8e5cbe58ff37ccc55e91f06bf34096059a49f3de84b0bca587f3f17c366f97c0f7a0fd17c974

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
9KB

MD5
5911007d0c6187ca6d4c0123336577dd

SHA1
16d26e95e26e0591ce2039a79443f8f899379ec1

SHA256
53edc325c79e5af5b68b6d044891b0d503e0a0b90606a0f1757b835bcce9b3b6

SHA512
25f38e73bb352f8d37cc37f5742ea72abc08bac4686168eabbb4e554ae789847b19aa467a23396c921abe734105b34525f50539f27bcd7f9667117bcccf8eca6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
223a38ad79524edd81d0ca4385872c5e

SHA1
bb1221a5481ab11f73be272e628a3c54bc14b1a6

SHA256
219cf00dd413a71b7cea592325429c0029375c142db0a0a3071e560abf223c61

SHA512
a4c277782ce8a74220e4a599f879b5fa12a4af6d908c3fff0341e499c960c2607aa1e79954b03c1e7cd7d1af575e89f10a874e6d134b048534f87bcd94754be5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
46d2d3490a7643ab07a4e87bc8e47b1e

SHA1
b66e2470c0345d00f265b6754e98eaea8ece9d79

SHA256
0fad9581d15c8137359b14eba0a400fed362bd1c091444ee39725a79f110e42b

SHA512
e080d5664a664cfc33b3d8373d0f3b9e1087884b5194a47b26596999437bb113c5cf8d79dc38e46f99b5c8bff20e00454aecb4c071b347e7e843e0aad7ee4882

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\edge_shutdown_ms.txt

Filesize
4B

MD5
235e0a949b5f8578afc1d888d15c45a3

SHA1
165d5f669888d8df647f977a2819bbc04e0cac8b

SHA256
f49ef2c56edf6b067fbdb183aa6f285625b6c2d1a8a73921c409fcdb06c6137c

SHA512
4d170338447d7d8e9e1ea64e3a9c2e98b69680e74da1b8ab105bfc8a497d52e97206f5e6128b04a893ca8cea96cf2bd2c7da8ef7d66511f547183d7fbb31f8d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\9cd93bc6dcf544bae69531052e64647ec02f2bb4.tbres

Filesize
4KB

MD5
8a3ab12cd47ac4a7b5430dfc1f58aab5

SHA1
61c678fa3850973ded3ea7963e8b198955843e7d

SHA256
af13fd5836df6d73f46d9010f224dd0dae4eefb66771ff67247db1ba285e29e9

SHA512
fa812ef060b71faa0923c401d76db5d4ebe617dcfe4223336c4802c57b1a263fa2120071ab1c4f6cd9f45a1931b25b0a07f34dc690d2169b1e7bf9c356ccb284

Download Submit